Skip to main content
Salud implements a zero-knowledge privacy model powered by the Aleo blockchain. This means your medical data remains private even when stored on a public blockchain.

Zero-Knowledge Architecture

What is Zero-Knowledge?

Zero-knowledge proofs allow you to prove something is true without revealing the underlying data:
  • Prove ownership: You can prove you own a medical record without revealing its contents
  • Prove access: Doctors can prove they have permission without seeing other records
  • Prove validity: The blockchain can verify transactions without seeing private data
Aleo’s zero-knowledge virtual machine (zkVM) ensures all private data remains encrypted on-chain while still enabling computation and verification.

Privacy Layers

Salud implements multiple privacy layers: 
┌─────────────────────────────────────────────────────────┐
│ Layer 1: CLIENT-SIDE ENCRYPTION                         │
│ • Medical data encrypted in your browser                │
│ • Private key never leaves your device                  │
│ • Zero-knowledge of plaintext by server                 │
└─────────────────────────────────────────────────────────┘


┌─────────────────────────────────────────────────────────┐
│ Layer 2: PRIVATE RECORDS                                │
│ • Stored as Aleo private records                        │
│ • Only visible to record owner                          │
│ • Encrypted at blockchain level                         │
└─────────────────────────────────────────────────────────┘


┌─────────────────────────────────────────────────────────┐
│ Layer 3: ACCESS CONTROL                                 │
│ • Public access grants (metadata only)                  │
│ • No medical content in public mappings                 │
│ • Cryptographic token verification                      │
└─────────────────────────────────────────────────────────┘

Data Visibility Model

Understand what data is private vs. public in Salud:
Data TypeVisibilityWho Can SeeWhat They See
Medical record contentPrivateOwner onlyFull encrypted data
Record IDPrivate to ownerOwner onlyUnique identifier
Access grantsPublic metadataAnyoneWho has access, when it expires
Access tokensSemi-publicToken holdersCryptographic proof of permission
Record metadataOptional publicAnyone (if enabled)Record type, creation time
Patient addressPublicAnyoneYour Aleo wallet address
Important: While access grants are public, they only contain metadata:
  • Who granted access (patient address)
  • Who received access (doctor address)
  • Which record (record ID, not content)
  • When it expires (block height)
They never contain actual medical data.

Encryption Process

Creating a Medical Record

Here’s how data flows when you create a record:
1

Enter medical data

You type your health information into the Salud interface.
2

Client-side encryption

The frontend encrypts your data using your private key:
const encryptedData = encryptWithPrivateKey(medicalData, privateKey);
3

Split into fields

Encrypted data is split into 12 field elements (Aleo’s data type):
const chunks = splitIntoFields(encryptedData); // ~360 bytes capacity
4

Generate integrity hash

A hash is computed for data integrity verification:
const dataHash = hash(medicalData);
5

Create record on-chain

The Leo program creates a private record:
let medical_record: MedicalRecord = MedicalRecord {
    owner: self.caller,
    record_id: BHP256::hash(patient + data_hash + nonce),
    data_hash: data_hash,
    data_part1: chunks[0],
    // ... data_part2-12
    record_type: record_type,
    created_at: 0u32,
    version: 1u8,
};
6

Store as private record

Aleo blockchain stores the record encrypted - only you can decrypt it.

Record ID Generation

Record IDs are deterministically generated using cryptographic hashing: 
record_id = BHP256::hash_to_field({
    patient: address,      // Your Aleo address
    data_hash: field,      // Hash of encrypted data
    nonce: field,          // Random nonce you provide
})
Why this approach?
  • Unpredictable: Impossible to guess record IDs
  • Unique: Each record has a unique ID
  • Deterministic: You can compute the ID client-side before submitting
  • Privacy-preserving: ID reveals nothing about the content
The client-provided nonce ensures you control the randomness - the backend cannot predict or manipulate record IDs.

Access Sharing Model

How Sharing Preserves Privacy

When you share a record with a doctor, Salud uses a capability-based access model:
  1. You create an access grant with cryptographic proof
  2. Doctor receives an access token (via QR code)
  3. Doctor verifies the token on-chain
  4. You separately share the encrypted record (off-chain or via separate channel)
  5. Doctor decrypts using their credentials
The blockchain only stores permission metadata, not the medical data itself. The actual sharing of encrypted data happens separately.

Access Token Generation

Access tokens are cryptographically unique: 
access_token = BHP256::hash_to_field({
    record_id: field,      // Which record
    doctor: address,       // Doctor's address
    patient: address,      // Your address
    nonce: field,          // Random nonce
})
Security properties:
  • Collision-resistant: Virtually impossible to generate the same token twice
  • Unforgeable: Cannot be created without the correct inputs
  • Single-purpose: Each token is for one specific record and doctor
  • Time-bound: Automatically expires based on block height

Time-Limited Access

Access duration is enforced at the blockchain level: 
let expires_at: u32 = block.height + duration_blocks;

// Later, during verification:
assert(block.height <= grant.expires_at);
Duration limits:
  • Minimum: 240 blocks (~1 hour)
  • Maximum: 40,320 blocks (~7 days)
  • Default: 5,760 blocks (~24 hours)
Block height-based expiration is immutable and automatic. You cannot extend an existing grant - you must create a new one.

What Data is Never Exposed

Salud’s architecture ensures these data elements remain completely private:

Medical Record Content

Your health data (diagnoses, prescriptions, lab results) never leaves your browser unencrypted.

Private Keys

Your Aleo private key is only stored in memory during your session - never persisted to disk or sent to servers.

Decryption Keys

Only you hold the keys to decrypt your records. The backend and blockchain cannot decrypt your data.

Full Medical History

When sharing with a doctor, you choose specific records - they never see your entire history.

Privacy Guarantees

What Salud Guarantees

Medical data is encrypted end-to-end
  • Data encrypted in browser before transmission
  • Stored encrypted on blockchain
  • Only you can decrypt with your private key
Backend has zero knowledge of content
  • Server facilitates transactions but cannot read records
  • No medical data stored in backend databases
  • Session keys only in memory, never persisted
Access control is cryptographically enforced
  • Access tokens use secure hash functions
  • Verification happens on-chain with immutable state
  • Time-based expiration cannot be bypassed
Selective disclosure
  • Share individual records, not entire history
  • Control exactly what each doctor sees
  • Revoke access instantly at any time

What You Must Ensure

⚠️ Secure private key management
  • Store your private key in a password manager
  • Never share it with anyone
  • No recovery if lost - permanent data loss
⚠️ Trusted device and browser
  • Use secure, malware-free devices
  • Keep browser and OS updated
  • Avoid browser extensions that could access memory
⚠️ QR code security
  • Treat QR codes like passwords
  • Don’t share screenshots publicly
  • Delete after doctor has scanned
⚠️ Verify doctor addresses
  • Ensure you have the correct Aleo address
  • One character wrong = wrong recipient
  • No way to “undo” a grant to wrong address

Privacy vs. Transparency Trade-offs

Salud balances privacy with necessary transparency:
AspectPrivatePublicReasoning
Medical contentSensitive health information
Record ownershipWho created record is private
Access permissionsEnables doctor verification
Access expirationTime-based revocation needs visibility
Revocation statusDoctors must check validity
Transaction historyBlockchain immutability requirement
Public mappings enable verifiable access control without exposing sensitive medical data. This is the key innovation of Salud’s privacy model.

Comparison: Traditional vs. Salud

FeatureTraditional EHRSalud on Aleo
Data storageCentralized hospital databaseDecentralized blockchain
EncryptionAt-rest onlyEnd-to-end + at-rest
Access controlHospital admin controlsYou control via tokens
Data visibilityHospital staff can seeZero-knowledge proofs
SharingFax or direct DB accessCryptographic tokens
RevocationManual request to hospitalInstant on-chain update
Audit trailInternal logs (modifiable)Immutable blockchain
Data ownershipHospital ownsYou own

Next Steps

Security Overview

Learn about Salud’s overall security architecture

Best Practices

Security guidelines for protecting your health data

Build docs developers (and LLMs) love

Get started for freeTalk to us